Play with my 'crops'

Main Menu

password protected folder for a tiny web server

I have a tiny web server “lighttpd” at a NAS (Network Attached Storage). It gets more popular than the conventional appache in last years (in particular for light web server markets). Lighttpd is very nice, as it’s light weight, easy to configure and most of all, easy to password-protect folders. There are 3 password formats:

plain A file which contains username and the clear text password separated by a colon. Each entry is terminated by a single newline. e.g.

agent007:secret

htpasswd A file which contains username and the crypt()’ed password seperated by a colon. Each entry is terminated by a single newline.

e.g.: agent007:XWY5JwrAVBXsQ

You can use htpasswd from the apache distribution to manage those files.

$ htpasswd file4lighttpd.user.htpasswd agent007

htdigest A file which contains a line per user identification. Each line contains the username, realm and a MD5 value separated by colons. eg

agent007:download area:8364d0044ef57b3defcfa141e8f77b65

The MD5 value is the checksum of a string concatenating theusername, realm and password, separated by colons.

There are many ways to create htdigest file. I prefer the 2nd approach, as it is easy and need non additional installation. The important thing is to restrict access to your password file. You don’t want it has rwxrwxrwx access. I keep my as